
Ethereal-dev: Re: [Ethereal-dev] Display filter working

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Soft Boy <etherealfilter@xxxxxxxxx>
Date: Mon, 15 Mar 2004 22:55:10 -0800 (PST)
Hi,

I saw some postings on the mailing list about
libethereal. What is it? Maybe this is what I need
for my tool. I also want filtering functionality in a
library and I don't need any GUI. Can I build
libethereal using the ethereal.0.10.2 which I have
downloaded?

thanks and best regards,
Soft Guy

> > I have a requirement to filter packets stored in
> > plain buffers. What I need is a good filter syntax
> > and its parser (which ethereal display filters have)
> > and a way to match filters to packets stored in byte
> > stream array.
> >
> 
> The display filter mechanism is tied very closely to
> ethereal's model of a *dissected* packet, where fields
> and their values are laid out in the tree structure.
> Imagine the protocol tree in the middle pane of the
> ethereal GUI... that's the structure that the display
> filter mechanism works on.

 
> For a buffer of bytes, tcpdump filters (a.k.a,
> libpcap filters, a.k.a, ethereal capture filters)
> are the way to go. You'd want to link to the pcap
> library, possibly modified, to use those.
> 
> 
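The reply above points to tcpdump/libpcap filters for packets held in plain byte buffers. As an added example (not code from this thread or from libpcap), the reduced classic-BPF interpreter below shows why that works: the filter program only reads fixed byte offsets and never needs a dissected protocol tree. The names `insn`, `run_filter`, `matches_ip_tcp` and the sample frame are constructed here; in real use the program comes from `pcap_compile()` and is run by libpcap's `bpf_filter()`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One classic BPF instruction, same field layout as libpcap's struct bpf_insn. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The four classic BPF opcodes this reduced interpreter understands. */
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Hand-assembled program for "IPv4 and TCP" on an Ethernet frame.
 * jt/jf are relative to the next instruction. */
static const struct insn ip_tcp[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType (offset 12)            */
    { JEQ_K,   0, 3, 0x0800 },  /* IPv4? else jump to reject            */
    { LDB_ABS, 0, 0, 23 },      /* A = IP protocol (offset 14 + 9)      */
    { JEQ_K,   0, 1, 6 },       /* TCP? else jump to reject             */
    { RET_K,   0, 0, 262144 },  /* accept: snapshot length to keep      */
    { RET_K,   0, 0, 0 },       /* reject                               */
};

/* Constructed sample: Ethernet header + 20-byte IPv4 header, protocol = TCP. */
static uint8_t sample[34] = { [12] = 0x08, [13] = 0x00, [14] = 0x45, [23] = 6 };

/* Run prog over a raw buffer; returns 0 for "no match". Out-of-bounds
 * loads reject the packet, as in classic BPF. */
static uint32_t run_filter(const struct insn *prog, size_t n,
                           const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                      /* accumulator register */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case LDH_ABS:
            if (len < 2 || i->k > len - 2) return 0;
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LDB_ABS:
            if (i->k >= len) return 0;
            a = pkt[i->k]; break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        default:    return 0;            /* unsupported opcode: reject */
        }
    }
    return 0;
}

static int matches_ip_tcp(const uint8_t *pkt, size_t len)
{ return run_filter(ip_tcp, sizeof ip_tcp / sizeof ip_tcp[0], pkt, len) != 0; }

int main(void)
{ printf("TCP frame matches: %d\n", matches_ip_tcp(sample, sizeof sample)); return 0; }
```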

